VM

 View Only
  • 1.  Migration to a new VM release w/ encrypted passwords

    Posted Jul 24, 2017 07:52 PM

    We are currently starting to use ENCRYPT REVERSE passwords in VM:Secure.   I'm guessing the way to migrate to a new release of z/VM is to:

     - Unencrypt the system/directory

     - Merge the old and new directories like in the past

     - Reencrypt the system and directory again

    Awkward, but doable.    Anyone have a better way?

     

    Then there's the case if security pushes us to ENCRYPT FORWARD where you can't unencrypt the passwords.   How do you merge directories with some passwords encrypted and some not?

     

    Thanks for any thoughts or ideas or....

    Lee 



  • 2.  Re: Migration to a new VM release w/ encrypted passwords
    Best Answer

    Broadcom Employee
    Posted Jul 26, 2017 04:06 PM

    Lee,

    You are correct, you will need to merge directories and will need to have the passwords either all encrypted or non of them encrypted.

     

    Why not encrypt the passwords on the new system and when you merge the entries all will be encrypted and you will have the correct CP pieces in place for encryption (RPI configuration) on your base system.

     

    1. You MUST do the exact same encryption on the new system as the old with the EXACT same encryption key or it won’t work.  If you want to change to a different encryption you will have to get everything in plain text (if you are NOT running with reverse encryption) in order to redo your encryption scheme
    2. By putting in encryption in the new system you have to put the CP text decks in place and configured right for it to work. Pulling over the 1b0 files from one system to another will have all encrypted passwords so it will all work once you bring the product up with a SOURCE start.

     

    You have to have a directory of all encrypted or all plain text you can’t have both.

     

    Regards,

    Kevin